Jonathan Katz
Thu, 28 Aug 2008 09:27:45 -0700
On Wed, 27 Aug 2008, Hovav Shacham wrote:
----- "Jonathan Katz" <[EMAIL PROTECTED]> wrote:But he probably wants an encryption scheme, not a cipher.Jon, I'm not sure I understand what you mean. If I am reading his message correctly, the original poster seems to be asking for a format-preserving encryption over a domain with 10^40 elements. Format-preserving, it seems to me, implies [a family of keyed] functions that are one-to-one and deterministic. In other words, the best security we can hope for is a PRP on that domain, and this is what B-R gives, starting from a PRP over a "somewhat larger" domain. In this setting, what is the difference between an encryption scheme and a cipher?
Yes, I can see this might cause confusion. Just to clarify: I had emailed the original poster off-line and he told me that he was willing to use other information already being sent in the clear as a non-repeating IV. Given this, secure (and, in particular, non-deterministic) encryption is possible. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]